WordPress 4.2.4 : Here’s Why You Should Update Right Now

It’s been a busy year for the WordPress security team. Since the beginning of the year, there has been five security releases. And now team has just released a latest version of WordPress 4.2.4. Which is a security release for all previous versions and strongly recommended to update your sites immediately.

Apparently, WordPress 4.2.3 and its earlier version are affected by six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site.

It also includes a patch for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

In addition to the above security fixes, WordPress 4.2.4 contains fixes 4 other bugs from 4.2.3. You can find more information at the Release Notes.

  • WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database. #32279

  • Don’t blindly trust the output of glob() to be an array. #33093

  • Shortcodes: Handle do_shortcode(‘<[shortcode]’) edge cases. #33116

  • Shortcodes: Protect newlines inside of CDATA. #33106

If you own a self-hosted or pre-installed WordPress websites then you should must check your sites to make sure they’re on WordPress 4.2.4. If your site hasn’t automatically updated yet, you should perform a full backup of site content and database and manually update.

Have questions about WordPress Development or the security issue? Contact us at our corporate website, and we would be happy to help you.

Like us on Facebook and follow on Twitter for more updates on this.

Also don’t forget to share your views in the comments!

[Source: WordPress]